Are NetBotz appliances vulnerable to the "Freak" exploit (CVE-2015-0204)?
NetBotz version 2 and 3
An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session.
In order for FREAK to be exploited, the following things are needed:
A broken or old browser
A server that supports EXPORT algorithms
A successful man-in-the-middle attack
Our recommendation is that customers check their browser versions and make sure they are running versions that are not affected. Without an affected browser, this attack is not possible. The browser should not have a buggy TLS library and should not accept EXPORT algorithms (or other weak ciphers).
On the server side, this issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
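As an added example (not NetBotz or APC code), the following Python script checks the server-side condition listed above: it sends a TLS 1.0 ClientHello offering only the RSA EXPORT cipher suites and reports whether the server selects one of them. The function names and the sample ServerHello used for offline checking are assumptions constructed here, not captured from a device.

```python
import socket
import struct

# RSA export cipher suites (RFC 2246 appendix A.5). These are the
# "EXPORT algorithms" a server must offer for FREAK to apply.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def build_client_hello(suites):
    """TLS 1.0 ClientHello record that offers only the given cipher suites."""
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (
        b"\x03\x01"                                   # client_version: TLS 1.0
        + bytes(32)                                   # random (constructed zeros)
        + b"\x00"                                     # session_id: empty
        + struct.pack("!H", len(suite_bytes)) + suite_bytes
        + b"\x01\x00"                                 # compression: null only
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def negotiated_export_suite(response):
    """Name of the RSA export suite chosen in a ServerHello, or None when the
    reply is an alert, another message, or a non-export suite."""
    if len(response) < 9 or response[0] != 0x16 or response[5] != 0x02:
        return None                                   # not a handshake/ServerHello
    body = response[9:]                               # skip record + handshake headers
    if len(body) < 35 or len(body) < 37 + body[34]:   # body[34] = session_id length
        return None
    sid_len = body[34]
    suite = struct.unpack("!H", body[35 + sid_len:37 + sid_len])[0]
    return RSA_EXPORT_SUITES.get(suite)

def sample_server_hello(suite):
    """Constructed ServerHello (TLS 1.0, empty session id) selecting `suite`;
    used to exercise the parser offline, not captured from a real device."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def probe(host, port=443, timeout=5):
    """Offer only export suites to host:port; a returned suite name means the
    server still accepts them and should be reconfigured or upgraded."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(RSA_EXPORT_SUITES))
        return negotiated_export_suite(sock.recv(4096))
```

Run `probe("<your appliance address>")` against your own appliance; `None` means the server rejected the export-only offer.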
Version 3 NetBotz will be updated with the newer version of OpenSSL to resolve this issue in version 4.5 of the NetBotz (Botzware) firmware.
Version 2 NetBotz will not be updated.
Please contact NetBotz technical support in your region if you have further questions.